On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
I posted this in the earlier thread, but didn't get a response. I was able to fix this on the master, but "getcert list -d /etc/httpd/alias -n "Server-Cert" on the replica doesn't return anything. Are the replica's SSL certs handled differently ?
I don't think there is any difference, not at least code-wise, for how HTTP service certificate is tracked in the case of IPA CA.
In case of a replica promotion a request to issue HTTP service certificate is routed to the original IPA CA master (because the one we will have on the replica itself is not yet here). Either way, certmonger is set to track the same Server-Cert certificate in /etc/httpd/alias during server upgrade process that is one of the last steps when replica is installed. -- / Alexander Bokovoy _______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org